fix: resolve SonarQube issues in optAnalyticsController and optanalyticsRoutes

Author: alishawalunj

src/controllers/optAnalyticsController.js

@@ -7,94 +7,103 @@ const isValidDate = (date) => {
   return !Number.isNaN(parsedDate.getTime());
 };
 
-module.exports = () => ({
-  getOPTStatusBreakdown: async (req, res, next) => {
-    try {
-      const { startDate, endDate, role } = req.query;
-      const query = {};
+const parseDateParam = (dateStr, fieldName, res) => {
+  if (!isValidDate(dateStr)) {
+    res.status(400).json({ message: `Invalid ${fieldName}. Use ISO format (YYYY-MM-DD).` });
+    return null;
+  }
+  const parsed = new Date(dateStr);
+  if (Number.isNaN(parsed.getTime())) {
+    res.status(400).json({ message: `Invalid ${fieldName}. Use ISO format (YYYY-MM-DD).` });
+    return null;
+  }
+  return parsed;
+};
 
-      let start;
-      let end;
+const validateDateRange = (start, end, startDate, endDate, res) => {
+  if (start && end && start > end) {
+    res.status(400).json({ message: 'startDate cannot be greater than endDate.' });
+    return false;
+  }
+  if (startDate && endDate && start.toDateString() === end.toDateString()) {
+    res.status(400).json({ message: 'startDate and endDate cannot be the same.' });
+    return false;
+  }
+  return true;
+};
 
-      if (startDate) {
-        if (!isValidDate(startDate)) {
-          return res.status(400).json({
-            message: 'Invalid startDate. Use ISO format (YYYY-MM-DD).',
-          });
-        }
-        start = new Date(startDate);
-        if (Number.isNaN(start.getTime())) {
-          return res.status(400).json({
-            message: 'Invalid startDate. Use ISO format (YYYY-MM-DD).',
-          });
-        }
-      }
+const sanitizeRole = (role) => {
+  if (!role) return null;
+  const str = String(role);
+  return str.replace(/[^a-zA-Z0-9 _-]/g, '');
+};
 
-      if (endDate) {
-        if (!isValidDate(endDate)) {
-          return res.status(400).json({
-            message: 'Invalid endDate. Use ISO format (YYYY-MM-DD).',
-          });
-        }
-        end = new Date(endDate);
-        if (Number.isNaN(end.getTime())) {
-          return res.status(400).json({
-            message: 'Invalid endDate. Use ISO format (YYYY-MM-DD).',
-          });
-        }
-      }
+const buildQuery = (start, end, role) => {
+  const query = {};
+  if (start || end) {
+    query.applicationDate = {};
+    if (start) query.applicationDate.$gte = start;
+    if (end) query.applicationDate.$lte = end;
+  }
+  const safeRole = sanitizeRole(role);
+  if (safeRole) {
+    query.role = safeRole;
+  }
+  return query;
+};
 
-      if (start && end && start > end) {
-        return res.status(400).json({
-          message: 'startDate cannot be greater than endDate.',
-        });
-      }
+const computeBreakdown = (result) => {
+  const totalCandidates = result.length;
+  const breakDownMap = {};
+  result.forEach(({ optStatus }) => {
+    breakDownMap[optStatus] = (breakDownMap[optStatus] || 0) + 1;
+  });
+  const breakDown = Object.entries(breakDownMap).map(([optStatus, count]) => ({
+    optStatus,
+    count,
+    percentage: Number(((count / totalCandidates) * 100).toFixed(2)),
+  }));
+  return { totalCandidates, breakDown };
+};
 
-      if (startDate && endDate && start.toDateString() === end.toDateString()) {
-        return res.status(400).json({
-          message: 'startDate and endDate cannot be the same.',
-        });
-      }
+module.exports = function optAnalyticsController() {
+  return {
+    getOPTStatusBreakdown: async function getOPTStatusBreakdown(req, res, next) {
+      try {
+        const { startDate, endDate, role } = req.query;
 
-      if (start || end) {
-        query.applicationDate = {};
-        if (start) query.applicationDate.$gte = start;
-        if (end) query.applicationDate.$lte = end;
-      }
+        let start;
+        let end;
 
-      if (role) {
-        query.role = role;
-      }
+        if (startDate) {
+          start = parseDateParam(startDate, 'startDate', res);
+          if (start === null) return null;
+        }
 
-      const result = await CandidateOPTStatus.find(query);
+        if (endDate) {
+          end = parseDateParam(endDate, 'endDate', res);
+          if (end === null) return null;
+        }
 
-      if (!result.length) {
-        return res.json({
-          totalCandidates: 0,
-          breakDown: [],
-          message: 'No records found for the given filters.',
-        });
-      }
+        if (!validateDateRange(start, end, startDate, endDate, res)) return null;
 
-      const totalCandidates = result.length;
-      const breakDownMap = {};
+        const query = buildQuery(start, end, role);
 
-      result.forEach(({ optStatus }) => {
-        breakDownMap[optStatus] = (breakDownMap[optStatus] || 0) + 1;
-      });
+        const result = await CandidateOPTStatus.find(query);
 
-      const breakDown = Object.entries(breakDownMap).map(([optStatus, count]) => ({
-        optStatus,
-        count,
-        percentage: Number(((count / totalCandidates) * 100).toFixed(2)),
-      }));
+        if (!result.length) {
+          return res.json({
+            totalCandidates: 0,
+            breakDown: [],
+            message: 'No records found for the given filters.',
+          });
+        }
 
-      return res.json({
-        totalCandidates,
-        breakDown,
-      });
-    } catch (err) {
-      next(err);
-    }
-  },
-});
+        return res.json(computeBreakdown(result));
+      } catch (err) {
+        next(err);
+      }
+      return null;
+    },
+  };
+};

src/routes/optanalyticsRoutes.js

@@ -1,9 +1,8 @@
 const express = require('express');
 
-module.exports = function () {
+module.exports = function optAnalyticsRoutes() {
   const router = express.Router();
   const optAnalyticsController = require('../controllers/optAnalyticsController')();
   router.get('/opt-status', optAnalyticsController.getOPTStatusBreakdown);
-
   return router;
 };